The ShadowBrokers Released UNITEDRAKE

The infamous shadow brokers are back with their promised TheShadowBrokers Dump Service – September 2017 and releasedUNITEDRAKE, the implant is a “fully extensible remote collection system” that comes with a number of “plug-ins,” enabling attackers to remotely take full control over targeted Windows computers.

UNITEDRAKE is a modular malware described as a “fully extensible remote collection system designed for Windows targets.”

Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information, with clients planted on target machines that send information to a server over the internet.

The existence of UNITEDRAKE first came to light in 2013 as part of a series of classified NSA documents leaked by Edward Snowden and in a catalog of NSA hacking tools leaked by a second source, which revealed it was used by the NSA alongside other pieces of malware to infect millions of computers around the world.

By using “plugins”, UNITEDRAKE can perform tasks including listening in and monitoring communication, capturing keystrokes and both webcam and microphone usage, the impersonation users, stealing diagnostics information and self-destructing once tasks are completed.

The Snowden documents suggested the agency used the tool alongside other pieces of malware, including CAPTIVATEDAUDIENCE, GUMFISH, FOGGYBOTTOM, GROK, and SALVAGERABBIT, to infect millions of computers around the world.

CAPTIVATEDAUDIENCE is for recording conversations via the infected computer’s microphone

GUMFISH is for covertly taking control over a computer’s webcam and snap photographs